Something we have seen that may have been missed by many customers and admins is a quietly published article about Microsoft support for the Office Suite in 2020 (a little more than a year from now!).
This article was found by reviewing the Office 365 Message Center articles back in 2017. Unfortunately, the default view provided by this feature only shows the last few months of articles and the one from 2017 no longer appears.
The article that was posted seems harmless at the time and had a simple statement about Office 365 support in 2020. Most people in our experience never saw this article.
The article indicated that in 2020, Office products that would be used to connect to Office 365 would only be supported and usable by the then current version of Office that was installed from your Office 365 tenant. Our reading interprets this to mean that possibly the retail versions of the Office product will not be usable against Office 365, even if it were the most recent version (Office 2019 as of today).
We suggest all customers of Office 365 to continually review the “Message Center” messages that are posted as well as the “Service Health” advisories. Many changes to Office 365 are announced thru the Message Center, but many changes that can have considerable impact on the enterprise are not announced with any loud or attention-grabbing fanfare. In addition, given that Microsoft may announce changes that are many years in advance of the actual change, such announcements will fall out of view in a few months.
Here are some of the specific details regarding the changes that are scheduled for the latter half of 2020:
https://www.priasoft.com/wp-content/uploads/2019/04/O9IY340.jpg13001300Eriq VanBibber/wp-content/uploads/2016/01/Pria_email_logo.pngEriq VanBibber2019-04-22 19:47:302026-04-23 13:19:31Outlook and Office Products may fail connecting to Office 365 in October 2020
Exchange Online, part of Office 365, is essentially a really large implementation of the same components that customers would run on-premises. In the case of Exchange Online, Microsoft runs thousands of Active Director Forests to support its implementation of Exchange. In some cases, Microsoft may need to migrate or ‘shift’ Active Directory objects supporting Exchange Online between forests to rebalance the number of AD objects per forest. In most cases, this normal background maintenance goes unnoticed by customers.
Recently, we had a customer in the middle of a migration to Office 365 using our solutions while this type of background maintenance was being performed. The customer was reporting logon failures to Office 365 during the customers migration effort and we needed to investigate. During troubleshooting we realized that Exchange Online background maintenance was the root cause in this specific case. During our troubleshooting we learned from Microsoft how to determine when your Office 365 tenant was actually in the middle of such an event using PowerShell.
If you are experiencing logon failures to Exchange Online and would like to test if maintenance or ‘shifting’ may be the root cause, you can run the following PowerShell command. For information on connecting to Office 365 PowerShell – please see the following Microsoft article.
Get-OrganizationConfig | fl *region*
The output from the above command – example shown below – according to Microsoft should return with no values. Empty values, as in our example, means your tenant is not currently being ‘shifted’. If you do show values, this could indicate your tenant is being ‘shifted’ and you can either wait or contact Microsoft for further assistance.
Note: At the time of this posting, the information provided is believed to be accurate and useful. As Microsoft reserves the right to change its internal processes or procedures at any time we provide this information “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information as outlined in our terms of use. If you are unsure or suspect you may be affected by internal maintenance, we encourage you to contact Microsoft support for further assistance and guidance.
https://www.priasoft.com/wp-content/uploads/2019/02/OIHDMF0-min.jpg500500Eriq VanBibber/wp-content/uploads/2016/01/Pria_email_logo.pngEriq VanBibber2019-02-27 14:16:512026-04-23 13:19:34How to Test if Office 365 Tenant Maintenance is Causing Outlook Logon or MAPI_E_FAILONEPROVIDER Errors
On January 22, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued a Emergency Directive – 19-01 – outlining steps you can take to mitigate a new threat discovered of DNS tampering / hijacking.
Hackers capturing user credentials that have the authority to make changes to theDomain Name System (DNS), through fishing or other means, have been redirecting web, email, and potentially other traffic to systems they control. In some instances they intercept data and can even store and forward the received data to further hide the malicious activity to avoid or prolong detection by the targeted entity.
At Priasoft, we understand that security is a top concern for IT and are working hard on new security technologies that we are bringing to market in Q3 2019 that can mitigate this type of threat. We have several security products we are bringing to market to combat the security vectors we see as under severed and unprotected, including DNS and email phishing. If you would like to receive early notification as we complete the testing, development, and release cycles please contact us here.
We have outlined the background in the directive below and encourage administrators that have credentials to manage DNS to review key DNS records, change their passwords, and fully read the DHS directive to avoid being compromised by this latest attack technique.
Background from the DHS Directive
Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.
The attacker begins by compromising user credentials, or obtaining them through alternate means, of an account that can make changes to DNS records.
Next, the attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls. This enables them to direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection.
Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings.
In closing, attackers are becoming more and more creative in the types of attacks and this DNS attack is just one of the many new threat vectors IT needs to monitor and secure. More than ever, IT needs to remain diligent to avoid being the victims of attacks.
https://www.priasoft.com/wp-content/uploads/2023/03/55b86715-32be-4623-924a-a83749dcac33.png10241024Priasoft Editorial Team/wp-content/uploads/2016/01/Pria_email_logo.pngPriasoft Editorial Team2019-02-07 23:12:292026-04-23 13:19:37Department of Homeland Security Warns About DNS Hijacking
What’s The Difference Between O365 And Microsoft 365?
Simply put, Office 365 is a cloud platform that offers Exchange online, OneDrive, Word, Excel, Outlook, as well as other services and applications via a subscription plan whereas Microsoft 365 offers the same services and applications as Office 365 but also includes Windows 10 Pro and Enterprise, Mobility + Security for a complete Enterprise offering under a single subscription plan.
Microsoft 365 offers customers, which have not made the transition to Office 365, is an out of the box solution with all the features of Office 365 plus Windows 10, including security and device management right from the start. Additionally, Microsoft 365 is the beginning of a future where desktops and devices are primarily joined to your Office 365 Azure Active Directory subscription taking over the traditional on-premises role of Active Directory running on servers in your datacenter. With this new paradigm, you would generally only need to maintain a backup Active Directory Domain Controller on-premises for redundancy in the event of a temporary loss on network connectivity.
If you are already on Office 365 you still have the option to deploy Windows 10 Pro and subscribe to a security service, however, this approach is not as simple as subscribing to Microsoft 365 from the beginning.
If you would like to learn more about Office 365 and Microsoft 365 we have provided some resources to get you started. If you would like to speak to one of our cloud migration specialists you can contact us here.
Resources To Get You Started
Transform Your Workplace With Microsoft 365
New Tools To Help Prepare For Deployment And Ensure PCs Are Up-To-Date
Microsoft 365 Security – Everything You Need To Know In 8-Minutes
Azure AD Pass-Through Authentication And Seamless Single Sign-On
https://www.priasoft.com/wp-content/uploads/2019/01/microsoft-365-image.jpg384690Priasoft Editorial Team/wp-content/uploads/2016/01/Pria_email_logo.pngPriasoft Editorial Team2019-01-30 18:41:342026-04-23 13:19:40Office 365 vs. Microsoft 365 – Explained
Exchange Server 2010 will reach end of support on January 14, 2020. If you haven’t already started thinking about your migration from Exchange 2010 to Office 365 or Exchange 2016 now’s the time.
What Does End Of Support Mean For My Organization?
All Microsoft products have a support lifecycle during which Microsoft will provide new features, bug fixes, and security fixes. The typical Microsoft product lifecycle is 10 years from the date the product was RTM (released to manufacturing). Therefore, when Exchange 2010 reaches its end of support on January 14, 2020, Microsoft will no longer provide:
Bug fixes for issues that may impact the stability, usability, or performance of the server
Security updates for vulnerabilities that will make the server vulnerable to possible security breaches
Time zone updates
Technical support for critical issues that may occur
You can continue to run Exchange 2010 after January 10, 2020, however, we strongly recommend that you migrate from Exchange 2010 as soon as possible and Priasoft can help make the transition smooth and painless regardless if you’re moving to Office 365, Exchange 2016, or Exchange 2019.
To learn more about migrating Exchange 2010 to Exchange 2016 have a look at our article here.
If you would like to speak to one of our migration experts about migrating Exchange 2010 to Office 365 or Exchange 2016 please contact us. You can also request a free trial of our Priasoft Migration Suite for Exchange to begin testing migrations and estimating migration timing using our Dry-Run feature that lets you simulate the migration without disrupting end users.
https://www.priasoft.com/wp-content/uploads/2019/01/Exchange-2010-virtualization.png288603Priasoft Editorial Team/wp-content/uploads/2016/01/Pria_email_logo.pngPriasoft Editorial Team2019-01-10 15:52:202026-04-23 13:19:43Exchange 2010 End of Support – Time to migrate to Office 365 or Exchange 2016
Upgrade to Exchange server to benefit from new features such as support for Windows Server Core and EAI address support, reducing the attack surface and freeing up server resources. Microsoft’s continued support for On-premises enterprise customers showcases their commitment to meeting diverse needs, even in the era of cloud migration.
https://www.priasoft.com/wp-content/uploads/2019/01/exchangeserver2019-logo.jpg401900Priasoft Editorial Team/wp-content/uploads/2016/01/Pria_email_logo.pngPriasoft Editorial Team2019-01-03 14:43:302026-04-23 13:19:46What’s new in Exchange Server 2019
Public Folders have been a part of Microsoft Exchange since Exchange 5.5 (circa 1995). The concept of a shared-mailbox has been around for nearly the same amount of time, although in the early iterations of Microsoft Exchange, the product did not provide a distinct category for shared mailboxes as does more recent versions.
Public Folders are a blessing and a curse for many organizations. The blessing is that it is possible for users to share information in a natural and native way through the use of the Public Folder system. A user with owner permissions on a folder can control access to that folder and its child folders if desired, which is great for departments and teams.
The curse of Public Folders, which many come to understand on their own, is that they can grow like a vine and can become a management nightmare as well as a setting up a data hoarding scenario whereby huge datastores end up being created for a large percentage of data that truly has no value. The one thing that is often found with Public Folders is where users, teams, departments, etc. end up using them as an archive system or a semblance of a shared file store – which are, in our opinion, improper use cases for Public Folders.
With the advent of the cloud and Office 365 and recent versions of Microsoft Exchange, there is new talk circling about shifting from Public Folder to Shared Mailboxes. Conceptually, it sounds quite simple. Take data from some folders in the Public Folder system, and copy that data to a shared mailbox. Then, give users access to that shared mailbox…and presto! No more Public Folders!
However, the difference between theory and reality in this case is important to understand and consider. Read on for Priasoft’s experience in working to support this from a software developer’s point of view and why we backed away from such support.
Public Folder have some inherent features that make them popular for use. In order to contrast the differences between them and Shared Mailboxes, we’ll outline some of the obvious, and non-obvious features and aspects of Public Folders.
It’s Exchange!
First and foremost, Public Folders are natively a part of Microsoft Exchange. As such, Outlook users have a natural and intuitive experience in working with them. Public Folders simply show up as folders in the Outlook view and can be interacted with in the same way as any other folder. This feature of Public Folders means that a user does not have to leave Outlook in order to access shared data and can easily drag/drop items to/from Public Folders. Users can even copy or move data between other folders in their Outlook experience, such as to/from PST files, their own mailbox, or even shared mailboxes.
Another inherent point of value is that data stored in Public Folders immediately gets the value of the Exchange implementation, for example, data backups, data security, and high availability. Users do not have to worry about data loss or backups of the data they store and work with in Public Folders, as long as the administrators on the back end have implemented such aspects, which most do. Further, remote access to this data simply follows the user with their normal Outlook access. A traveling user that is allowed to connect to their mailbox while away from the office, automatically has the same level of access to Public Folders. Also, in current versions of Microsoft Exchange, including Exchange Online from Office 365 (which currently runs a version of Microsoft Exchange 2016), Outlook Web Access [OWA] provides access to Public Folders through a web-browser.
Calendars And Contacts
Pubic Folders inherently support calendars and contacts. Concepts such as a corporate events calendar, department calendar, etc. are great uses of Public Folders, especially for cases where all users in the organization should have at least read access to such data.
Calendars in Public Folders render as calendar views in Outlook just as they would for a calendar folder in a mailbox. The user experience is the same, and that has tremendous value if for no other reason that no time or money (of any substantial amount) has to be used to train users on this function.
Contact folders are also great uses of Public Folders. A departmental contact folder is not an uncommon use of such a folder, especially for cases where the contacts in the folder are project or case specific. Exchange administrators would not really want a bunch of new Contact objects in the Exchange Address Book (GAL) for such cases. However, storing customer contact info or client specific contact information in such a folder can be very useful.
Templates
Another good use of Public Folders is for the storage and access to company templates. For example, an organization may produce a set of Excel or Word templates for use by users for things like “leave/vacation requests”, “purchase orders”, etc. This can even be done at a department level.
As long as this concept is managed and doesn’t convert to a “file repository”, the concept works well and often better than a shared file system – consider that the same template files that exist in a company “share” on a file system will typically be inaccessible to a user that is travelling away from the corporate network, but could get the info from Public Folders with ease.
Mail-Enabled Folders
Public Folders can be “mail enabled”, meaning that they can be setup to receive mail directly by an SMTP address. With this setup, the Microsoft Exchange mail transport handler will route incoming mail directly to the folder. This can be very convenient for low use addresses, and ones where a reply from that address are not expected, like a “do not reply” type address.
Mail-enabled folders can also be hidden from the general Exchange Address Book, so that they don’t clutter up the GAL for regular users.
Folder Assistants
Public Folders also support a simplified “rules” system whereby messages posted or received by a folder can be forwarded, deleted.
Archives And Project Data
While Priasoft doesn’t think this is a good use of Public Folders, it is a scenario we see quite often. This is also a scenario that we see most often that yields Public Folder sizes that are very large. Nonetheless, there are valid cases for such a structure.
The more ‘unfriendly’ use of Public Folders is for archival – not really the right place for such, but it occurs. We have seen cases where entire mailboxes of terminated users were shifted to public folders so that the data was retained after the user account and mailbox were deleted. Again, not the best use of the system, but not extremely rare either.
Data Access After Termination
This feature is a bit more subtle, but can solve some issues. Consider a user that has left the organization, but someone who’s influence on the organization was fairly high. Access to his/her email conversations are often something that someone else will need in order to take over that person’s responsibilities. If the behavior of such a user was to use a Public Folder for non-personal conversation, things like customer or partner communications, the access to such info becomes quite easy to provide to someone else. However, this only works when the organization behavior supports it. Valuable nonetheless.
They Exist In All Versions Of Exchange, Even Office 365!
Lastly, Microsoft found out after Exchange 2007 that Public Folders were here to stay. There are just too many organizations that have invested in Public Folders for Microsoft to simply drop them. Microsoft has for years, however, tried to push companies to reduce the use of Public Folders and to put data in other solutions like SharePoint, Teams, OneDrive, etc.
There does not appear to be any talk or attempt to drop Public Folders at any future time. So, they are here now and will likely be here for many years to come.
Shared Mailboxes also have some inherent features and benefits and are quite common in organizations. Shared Mailboxes, should not be thought of as binary choice between them and Public Folders. It is quite common for organizations to have both.
They Are Mailboxes!
A Shared Mailbox is just that – a mailbox. As such, it receives all the aspects of a mailbox that one would expect. It has folders, one or more email addresses, and so on. As a mailbox, it supports rules, out-of-office, delegation, and all the features a mailbox provides.
They Are Meant To Be Shared
As a “shared” mailbox, they are meant to be shared with others. Permissions to either the entire mailbox or individual folders in the mailbox are possible. As a mailbox, if another user is given “Full Access” permission to the mailbox, Outlook (in most cases) will “auto map” the shared mailbox into the user’s Outlook profile and experience.
Shared Mailboxes Are Not Public Mailboxes
Unlike a Public Folder, a shared mailbox is not “public” in the sense that it is easily browsed for or searched. This can be good or bad depending upon the situation. Shared mailboxes can be hidden from the Global Address List in order to obfuscate them from the rest of the organization. In addition and unlike a public folder, just because one user has “Full Access” privileges to the mailbox does not mean they can give other users that same right. Only an Exchange Administrator can give users full access to a mailbox.
Database Policies And Limits
Just like a regular mailbox, a shared mailbox can inherit policies and limits imposed at higher levels. These same limits can also be overridden on a per-mailbox basis. In Office 365, where there are no database for the public to manage, the limits are imposed by Microsoft – but can be changed with certain ranges.
Licensing (Office 365)
A shared mailbox in Office 365, in its default state, does not consume a license and does not incur a cost. However, if certain other features are desired or required, those features may require the shared mailbox to also have a license. Some common features that require a shared mailbox to have a license are:
Unlimited Archive
eDiscover features
Litigation Hold features
Direct Logon or direct OWA access
User State (On-Premises)
In an on-premises deployment, a “shared mailbox” is supported by a user account in the same way as a regular mailbox.
However, the user account is required to be a disabled account, which prevents the account from being used as a logon account for other access. Microsoft Exchange enforces this behavior and the underlying user account of the “shared mailbox” is enabled, the shared mailbox stops working. However, this doesn’t mean that a normal user mailbox cannot be “shared”. The “Full Access” permission can be applied to a shared mailbox and user mailbox equally. The difference only being that user mailbox shared in this way can also be logged on to directly.
Challenges And Differences
When the Priasoft team was first looking at this scenario, it was thought to be a valuable idea. Considering the no-cost option with Office 365’s implementation and the similarities between the sharing models, it was imagined that this would be a simple and straightforward path…we found out otherwise after we started.
There ended up being several technical discussions with the team on how to present options and which options to offer. Ultimately it was the sheer permutation of possibilities that sunk this project for us. Some very smart people understood that the support burden could become very high, and when that happens it usually means a customer is unhappy – which is not our goal.
The following will outline the various challenges that were faced and the way the discussions formed. We encourage all who are evaluating the path of Public Folders to Shared Mailboxes to consider these elements before diving in too deeply.
Where Does The Folder Go?
This was one of the first questions that created a debate. The following were some of the options that were offered with regards to where the “source” Public Folder could or should be placed in the “target” shared mailbox.
With the same name, as a root folder (same level as Inbox)
As a child folder of the Inbox.
Merged into the Inbox, which means the original folder name was lost.
As a child folder of some other defined folder or custom folder.
Almost as soon as these options were identified, the question arose of “what if the source folder is a calendar folder?” This added more complexity to the discussion. In this case, should the source folder be a child of the shared mailbox’s primary Calendar folder? A subfolder under the calendar?
The same questions for Contact folders and any other non-default public folder also arose.
Bear in mind that this simple question was only discussing a case of a single folder from the public folder tree!
Presenting these options in a software program became difficult to lay out in an intuitive manner. While we could simply have provided a drop-down or some checkbox option, the explanation of each option needed a fair amount of text.
What About Subtrees?
As was mentioned above, the question was also made about subtrees versus single folders. Consider a subtree of folders from the Public Folder system, possibly one that has only a dozen or so folders in total. In addition to the questions above, new options were needed with regards to this. Should the entire subtree structure be maintained, and was that appropriate for the use and behavior of the contents of the folders?
The concern that was debated was a case that is seen quite commonly in Public Folders: a normal parent folder with a mix of regular, calendar, and contact folders in the subtree. The question was on how those should map to the mailbox. If the structure of the subtree were simply preserved, the previous options above still applied. However, in a mailbox, calendar folders under the inbox is unexpected.
Furthermore, mailboxes (and public folders) do not allow for two folders with the same name to exist under the same parent folder. If the source subtree had any repeated folder names at different levels, mapping those folders as root folders or child folders of the inbox could pose a problem.
Mail-Enabled Folders?
Next on the topic of discussion was mail-enabled folders. In Microsoft Exchange’s Public Folder system, it is possible to have a Public Folder have its own email address and the mail system can deliver mail to that address directly into that folder. This is a very valuable feature of Public Folders.
However, in contrast, a mailbox cannot have specific folders “mail enabled” – the entire mailbox is mail-enabled! Email addresses are assigned to the mailbox, and on receipt are only delivered to the “Inbox” folder.
Remembering the options presented previously about “where does the folder go?”, the choice made would affect mail-flow. One might say that a mail-enabled public folder is a good candidate for “merging” into the default Inbox of the shared mailbox. However, if an end-user is expecting and used to seeing the folder name, it can be confusing at first. In addition, if a 3rd party application is involved, it may expect the folder by name.
If the source folder is preserve and create as either a root folder or a child folder, the issue now becomes one of how to get data from the Inbox on receipt into the named folder. Most people at this point should be thinking of mailbox rules. While this is possible, the creation, management, and editing of mailbox rules is only done by Outlook. There’s no support command-line or powershell automation for rules. As such, this can become a tedious and challenging support issue.
To make matters potentially worse, if the source is a subtree of folders, with some or all of those folders being mail-enabled, the complexity increases greatly. All the email addresses of the mail-enabled folders in the subtree would have to be captured, set on the mailbox for receipt, and then separate rules created for each address to move data to the right folder.
Software tools could accomplish this, and, in fact, the Priasoft team was planning on implementing this very idea. However, the creation of rules become a new set of complexity, with a new set of options and questions to ask of an administrator. Attempting to create a user interfaces with so many questions and options started to become a very daunting task.
Mailbox Access Versus Folder Access
Another discussion point that came up was in regards to whether only the folder in the new shared mailbox was shared, or whether the entire mailbox was shared. From a software and automation perspective, and one that could potentially be working with hundreds or thousands of folders, this question became critical. There would be little value in fork lifting data from public folders into a shared mailbox if the original users of the public folders had no access to the shared mailbox.
Public folders – by the nature of being folders – have very granular rights that can be applied. However, in contrast a mailbox has essentially only one right that can be applied: Full Access. There’s also another right related to a mailbox, but is technically a “user” right: Send-As. The distinction is important because the Full Access right is applied to the mailbox and is ultimately stored in the Exchange database on the mailbox metadata. However, the Send-As right – which lets a user send mail out with a reply address of a different mailbox – is stored on the actual Active Directory user account as part of the normal object security. The point is that the application and adjustment these two different rights is handled by different coding mechanisms.
Individual folders in a mailbox have the same opportunity for permissions as a public folders – which should make sense as they are both “folders”.
The challenge that was faced in this regard was that the Full Access permission on a mailbox is quite broad and sweeping. It is similar to the Owner permission on a public folder, but greater. A user with Full Access to another mailbox has, as the name implies, “full” access to the mailbox. Meaning that all child folder can be deleted moved or modified as well as the contents. As such, it would not be possible to grant Full Access to a user and then simultaneously limit the same user to only certain folders in the mailbox.
In contrast, permissions on folders in a mailbox could be mapped identically to the permission that were set on the source public folder. The challenge with this approach was that unless a user had Full Access permission to the mailbox, a user could not see more than one folder at a time from that shared mailbox. Furthermore, the user would have to know the mailbox name and the folder he or she wanted to access. There’s nothing that a user could browse. Lastly, while any folder can be shared in a mailbox, Outlook – in later versions – makes accessing non-default folders (i.e. Inbox, Calendar, Contacts, etc.) difficult or impossible. This, in turn, complicates the options provide earlier of where to place the source folder in the shared mailbox.
Posts Versus Messages
Public Folders in Microsoft Exchange do have something that is unique to them for which mailboxes do not. By default, creating a new public folder cause that folder to be created as a “post” folder. A Post folder changes the rendered view and behavior such that the concept of sender and receiver is dropped. However, using Outlook a user with sufficient privilege can create a child folder that is a “message” folder, where the contents render more like a normal message folder in a mailbox.
An internal debate ensued about whether to silently treat Post folders as normal message folders, or to do some sort of conversion. Ultimately, this question was never answer as the project ended before an answer was required. The point to note is that a standard public folder is not exactly the same as a normal folder in a mailbox. Even such small differences can be enough to sour the user experience and drive up support costs.
User Experience
Priasoft has always been concerned about the end-user experience that follows a migration or other action. When the options started to evolve with regards to migrating public folders to shared mailboxes, the team started to worry about the end-user impact. The user experience for many cases would be dramatically different and could be quite disruptive.
We caution those looking at this path to consider the cost of retraining user behaviors with regards to shared data and the likely increase in support requests in relation.
Administrative Burden
Another element that was quickly realized was the increased burden on Exchange administrators once the migrations completed. The Full Access permission is a right that only an administrator can apply – unless additional software is also provided somehow allow users to manage this permission.
The use case that was brought to the team was one where the folders that were moved to a shared mailbox were a subtree for a specific department. When a new team member was added, that user would need access to the shared mailbox, but the team leader or department manager would have no way to provide the necessary right and would have to hand off the request to someone else.
Some may quickly state that the use of a security group could make this easier. While true, the ease is only seen by the administrator. Adding users to groups is inherently an Active Directory element.
From there others might suggest that a user with owner rights over a mail-enabled security group could self-manage the members and provide the necessary access – which is absolutely true and a path that was explored. However, there are some inherent security risks with the use of mail-enable security groups and there are many organizations that suppress this ability.
No Customization Or Limiting
With a shared mailbox, one gets all of what it provides with no customization.
This topic was also mentioned in Priasoft developer meetings on this project and was from the concern that users might only want to see the folder or subtree just as they saw it in the public folder system. However, there’s no supported or manageable way to hide any of the default folders in a mailbox.
A shared mailbox will always have the default folders, whether they are wanted or not: Calendar, Contacts, Drafts, Deleted Items, Inbox, Outbox, Sent Items, Sticky Notes, Journal, etc. If the source public folder(s) that are being considered for migration to a shared mailbox, it can be confusing to users afterwards to see all the standard mailbox folders in addition to the original public folders.
In addition, the standard folders in an Exchange mailbox can no longer be modified – in Exchange 2007 and earlier it was possible for a software developer to change the name of the Inbox or other folders, but Microsoft removed this ability starting with Exchange 2010.
In the end, and hopefully expressed well enough, Priasoft scrapped the idea of an automated solution to take Public Folders to Shared Mailboxes. While this path is still a very interesting and active topic in general, the list of differences and inherent limitations of a mailbox caused our team to back off the idea.
Priasoft encourages customers to consider carefully the elements and challenges we faced before making to deep a commitment to this path. Even if the cost and time of the migration is dismissed, the cost to end users and the loss of productivity and also the likely increase of activity at the help desk can be more than most realize.
Priasoft also understands the situation that organizations can be in with regards to public folders, especially when they become very large, and/or when there is a desire to retire the on-premises Exchange platform in favor of Office 365. Priasoft has engineered the first and, based on customer feedback, the best Public Folder Synchronization toolset available. Public folders can be carried forward to any version of Exchange, including Office 365 with this solution.
Lastly, it may be best to start with analysis of public folders, usage, and behaviors before starting any migration work on them. if there are any chances to cull data, or shift certain branches of the folders to a different – and more appropriate – medium like a document management solution, file system, or archive we encourage such.
Remember as well that Public Folders are not inherently “bad”, but have been easy to abuse. There are valid and valuable uses for public folders. Any time that can be spent to identify the “good” uses of public folders is worthwhile.
We are experts in Public Folder Migrations. To learn more about our solutions use the buttons below:
https://www.priasoft.com/wp-content/uploads/2022/12/Migrate_Public_Folders.jpg9371024Travis Williams/wp-content/uploads/2016/01/Pria_email_logo.pngTravis Williams2018-09-24 15:27:242026-04-23 13:19:51Migrating Exchange Public Folders To Shared Mailboxes-Is It A Good Idea?
Migrate Exchange 2010 To 2016 With Priasoft’s Migration Suite For Exchange
The driving event that prompts the need for migration may vary, but the demand to execute does not. Whether the event is a merger, acquisition, divestiture, or upgrade, the success of such a project depends upon many factors – of which some of the most influential are perception elements like the end-user experience afterwards.
Priasoft has been deeply involved in this category for nearly two decades now (starting in 1999 with a large enterprise migration of a petroleum company). Through those number of years, our understanding of what makes a migration successful, versus not, has grown and we have been able to provide a “run book” of sorts that helps enterprises, both large and small, orchestrate their migrations with minimal disruption.
Migrating email between environments, or even as an upgrade, is not without challenges. The elements that increase or decrease these challenges vary between businesses, but there are several elements that are the same for nearly all migrations. The typically common elements are usually technical in nature, exposed as features of Microsoft Exchange, SMTP, Active Directory, and so on. Elements that are more business, policy, or market specific are the ones that make a migration unique.
Priasoft’s nearly twenty year timespan in this space means that we’ve seen most of the unique and mundane challenges that are part of migrations, and while there may not be a technological or automated solution to all the elements, our experience is there to fill the gaps with either guidance, expectation setting, scripting, or education.
What Determines Success?
The success of a migration is generally more of a “perception” of success than any measurable technical outcome. If end users are complaining after a migration, regardless of the validity of the complaint, the perception is soured and might not be considered very successful, especially if there is a productivity or support cost related to the complaints. Even a flood of simple questions to the help desk after a migration, like “why does it seem to take longer for Joe to get my emails now?”, can be costly as it can create a spike in support which may get in the way of more critical support issues.
One of the first steps then for migration should be a document of “success criteria”. This may be as simple as “all mailboxes migrated, and no more than a 10% increase in post migration support”. However, the more criteria that can be added to the document, the better. Adding dependent elements like compliance, eDiscovery, and or sales integration may be part of a given success criteria. Do what is appropriate for the business needs.
Is Exchange 2010 Unique?
The previous paragraphs likely seem very generic, and in truth they are and would apply equally to any migration. Migrating from Exchange 2010 to 2016 is a fairly unique path, not because it is not performed very often (quite the opposite!), but because there are many architectural differences between the versions. This document will draw out those differences, and will provide some fundamental guidance in this regard.
Some primary differences between these versions that should be noted are:
• Differences in how item, folder, and mailboxes sizes are calculated by Exchange. • Differences in how the server roles operate (CAS, HUB, MBX, etc.) • Differences in how Public Folders are stored, configured, and managed. • Differences in how Outlook (on Windows) can connect to mailboxes • Differences in RAM and CPU utilization • Differences in management interfaces
There are many other more subtle differences, but none that are so critical that can affect a migration or post-migration experience. Many of the other differences are purely technical or architectural differences, while others are more of a style difference.
We are experts in 2010 to 2016 Migration, to learn more about our solutions follow the link below:
Vocabulary And Conventions
Before diving in to the details of how to migrate and the order of operations, it is probably best for some vocabulary to be introduced so that there is less possibility of confusion since some of the terms may have different meanings for different readers.
Mailbox, Mailbox User, Mailbox Enabled User
An Active Directory user account that has mailbox attribute assigned by Microsoft Exchange.
Shared Mailbox
This is a Microsoft Exchange specific mailbox subtype. This object still requires an Active Directory user account, but the account is disabled for logons.
Shared User Mailbox, FullAccess Mailbox
This is a Priasoft term to specifically identify mailboxes that have been given FullAccess rights to other users, but are not necessarily a “shared mailbox” under the Microsoft definition.
Room Mailbox, Calendar Mailbox, Shared Calendar Mailbox, etc.
The actual term “Room Mailbox” is a Microsoft Exchange specific mailbox subtype as well. In the same manner as a “shared mailbox”, the Active Directory account is also disabled for logon.
Equipment Mailbox, Resource mailbox, etc.
This actual term “Equipment Mailbox” is also a Microsoft Exchange specific mailbox subtype. In the same manner as a “shared mailbox”, the Active Directory account is also disabled for logon.
Application Mailbox, non-user Mailbox
This is a set of Priasoft terms to specifically identify mailboxes that are not associated with a real person, but are also not one of the other Microsoft subtypes.
Public Folders
This terms will be used to identify the whole concept of Public Folders as an atomic entity. The server, the contents, etc.
Public Folder Database
This is a Microsoft Exchange specific term that exists for Exchange 2013 and later. Public Folder data is stored in one or more mailboxes, but data does not replicate between them.
Exchange Address Book, GAL, Global Address List, etc.
The specific Microsoft terms “GAL” and “Global Address List” refer to the entire set of mail-enabled objects for which exchange is aware. This document will use these terms to discuss the entire set of mail objects available to Exchange, both hidden and visible, groups, users, contacts, etc.
Mail-Enabled User (MEU), mail-user
The specific Microsoft term “Mail-Enabled User” identifies an Active Directory user account that only has email addresses and a forwarding address (like a contact). As a user account, it can have a password and can be disabled for logon.
Contact, Mail-Enabled Contact, mail contact
These terms refer to Active Directory contact objects that have been mail-enabled in Exchange. It is possible and acceptable to have Active Directory contact objects that are not seen by Exchange. There are a specific set of additional “Exchange specific” attributes that make an Active Directory contact mail-enabled.
Mail-Enable Group, Distribution List
This is a Microsoft Exchange specific adoption of an Active Directory group object. These groups can be either Distribution or Security groups.
Is There A Recommended Order To This?
Of course! While migrating in a different order than we propose is possible, and can even be as successful, we have found through the years that migration order that differs from our recommendation tends to have more issues, support, and “perception souring”.
In the basest and simplest of terms we recommend migrating as follows:
1. Exchange Address Book 2. Public Folders 3. Mailboxes 4. Outlook/mail applications
However, this is obviously greatly oversimplified, and nonetheless still very accurate and true. Let’s add some detail and additional steps to ensure success and to prevent “perception souring”.
Here’s a revised order:
1. Determine Migration Type
Same-forest: This is an upgrade of Exchange 2010 to 2016 where the new Exchange 2016 servers are simply going to be added to the existing Active Directory forest/domain. Cross-forest upgrade: This is a migration of Exchange 2010 to 2016 where Exchange 2016 will exist in a new or possibly pre-existing Active Directory forest/domain, but is, for the most part, an empty target environment. Cross-forest merge: This is a migration of Exchange 2010 to 2016 where Exchange 2016 exists in an already established environment and the event is driven by a merger or acquisition type of scenario.
The migration type changes the complexity and challenges that one will face and none of the types above are inherently more or less complex or risky. The choice of tools used, understanding of the capabilities and limitations of Exchange, and business tolerances have more influence on complexity than anything else.
2. Discovery And Categorization
This topic covers the discovery and identification of “what should migrate” as well as “what is the use and purpose of the objects to be migrated”. We find very often, in the early development of a migration strategy, only “user mailboxes” are initially considered. However, such is not the entirety of Microsoft Exchange. Review the vocabulary list for more detail.
Our suggestion on this topic is to identify ALL MAIL-ENABLED OBJECTS that are or could be, or could have been used by Exchange. It is important to understand that when an email is sent or received thru Microsoft Exchange, the recipients and sender data embedded in the message are not always SMTP (joe@coolstuff.com) addresses. When messages are sent between objects in Exchange, the embedded address is actually an x500 address (/o=OrgName/ou=AdminGroupName/cn=recipients/cn=objectID). Every mail-enabled object in Exchange has an X500 address. It is rarely seen, and Microsoft does not show it in any of the normal user interface dialogs of either its management tools nor in Outlook or mail clients. The value is stored in Active Directory in the attribute named ‘legacyExchangeDN’. It’s also important to note that ALL objects that are part of Exchange have this value: servers, policies, users, contacts, groups, etc. This is the unique address for all objects in Exchange. Failing to include all the objects in a migration can create NDRs (non-delivery reports) to end users when the reply or reply-all to migrated messages.
The identification of all mail objects is important because they may exists in unexpected or forgotten locations in Active Directory. We have seen many times where some non-user mailboxes or special mail groups exist in Active Directory containers outside of the normal business structure.
The categorization part of this topic involves the separation of objects by type, by delimiters that might influence the success of the migration. For example, there may be 1000 people with mailboxes in an organization, but perhaps 50 of them – due to their job function – use encrypted email or have some mail-enabled application that creates a need for special handling of those users’ data. We have found it best to start with what is generally known at an organization with regards to uniqueness as just a set of categories. As purely an example and suggestion a table similar to the following could be used, and checkboxes or ‘x’ chars used to mark all the categories for which a user or object belongs.
ObjectID
ObjectType
Desktop User
Laptop User
Encrypted mail
Archived mail
Uses sender certificates
Very large mailbox
VIP/Influencer
Not Domain-Joined
Traveler
Has mail on mobile device
Joe Cool
User Mailbox
Yes
Yes
No
No
Yes
No
No
No
No
No
Larry Lobster
User Mailbox
No
Yes
No
No
No
Yes
Yes
No
Yes
Yes
Carl Larc
User Mailbox
Yes
No
No
Yes
No
No
No
Yes
Yes
Yes
Producing a table similar to the above can help identify how many users and how many different groups of users you have that may need special treatment thru the migration. Users that have desktops that are not domain-joined, for example, might not be able to be automated for updates to Outlook profiles after a migration. Such may require the user to do their own action, or may require help from IT support services.
3. Address Book Sync
This migration element is the act of capturing all the mail-enabled objects from the source environment and pre-staging them in the target in a working fashion. The Priasoft Collaboration Suite is a set of tools that facilitate this effort. This task ensures that all the related “mail-able” objects are represented in the target environment. Note that in a same-forest migration this is ignored as there is only the one Active Directory and so no need to copy or sync anything.
For cross-forest migrations however, this is a critical element. Consider that mail-enabled groups, contacts, mail-users, mailboxes, and even mail-enabled public folders exist in Exchange and ALL of these object types have their respective Exchange attributes stored in Active Directory.
If the mailboxes were simply migrated without this consideration, users’ replies to old messages will likely have non-delivery responses for those other object types.
This is listed here in this position in the order of things due to its importance, and possibility of challenges. There is a common case where user accounts were migrated or setup in the target Active Directory prior to any consideration for the Exchange migration that was due to come later. One challenge created by this is matching. If the user accounts created have no matching details of source objects, such forces some tedious “human actions” to match objects between the source and target environments. This issue is exacerbated by merger/acquisition scenarios since the target will already have existing users with and without mailboxes – conflicts on name, use, and purpose tend to always be present and have to be discovered, analyzed, and passed up to object owners for decisions on what actions to take.
Another possible challenge are with Contacts in the target Active Directory. It is common also for administrators to “get a head start” on things by creating Contact objects in the target Active Directory for all the mailboxes in the source. Unfortunately, it is not realized until later the problem that is created: a contact cannot be converted to a mailbox because a contact cannot receive a password. Only user accounts can have mailboxes. This creates a pre-migration “cleanup” whereby all the contacts have to be removed so that mailboxes can be created – Exchange will not allow two objects to have the same email address, mail alias, and a few other attributes. Furthermore, deleting these contacts should not be treated as a trivial inconvenience. Each contact has a unique x500 value (legacyExchangeDN) value which could be embedded in the mailboxes that exist in the target environment. Deleting contacts, without consideration for this value can cause non-delivery messages for existing users, before a migration has even occurred! Further to that, the contacts may be members of mail groups and may have additional email addresses or other display attributes for which the actual source mailbox does not have. Blindly deleting these contacts often ends up with many “odd” support issues that appear difficult to explain.
Priasoft tools and support staff help customer tackle this first major migration task with relative ease.
We are experts in 2010 to 2016 Migration, to learn more about our solutions follow the link below:
4. Testing Preparations
A good plan is only as good as it has been tested before unleashed on production objects. Testing is extremely valuable to success, however as the value of the testing is dependent upon the quality and types of testing. Testing Preparations is a step where the testing framework is setup and configured based on technical needs, business goals, and desired answers to be validated.
We do NOT recommend doing first tests, or even later tests with real users! From 20 years of experience, we have seen nearly every case of “real user tests” or “pilot groups” create problems instead of solving them. One of the primary reasons a pilot group creates issues is because those users will be in a new environment that is distinctly not the same as the one they left. There are certain features of Microsoft Exchange – mostly collaboration features – that were never designed to work between different environments and sometimes not even between different versions of Exchange.
We recommend creating as many different types of “test objects” as necessary to satisfy all the different concerns and categories (consider step 2 above). In reality, the architects and executors of the migration will know more about what to test and how to test items than a user would. Additionally, most pilot group users – regardless of them agreeing to participate and ‘there may be some issues’ – don’t expect there to be any issues, and when there are, can report such soured perceptions back to their peers, creating a potential “progress blocker”.
Test preparations then should include not only the creations of mailboxes, group, etc. in Exchange, but also the end-user situations as much as possible. Creating typical user “desktops” and situations are key to good testing. If it has been identified that a group of users exist for which group policies cannot be applied to make changes, the testing of such a desktop scenario should be tested.
This type of setup will also for a full “dress rehearsal” of the migration, but without the potential of affecting any real users.
5. Mail Client Updates – Automation/Execution
The next migration element to handle is how updates to mail applications will occur. Outlook (on Windows) can be updated automatically in many ways and Priasoft has a unique and very important utility application that can be used to update Outlook profiles to reconfigure them to point to the new migrated mailboxes. The choice of automation of this update though is left to the decision of the environment owners and administrators. Group Policy logon scripts are the most common way to handle this, but any process that can cause an application to run “as the user” will suffice. Desktop automation software like Microsoft SCCM can also be used.
Referring once again to the importance of categorization, identifying users and situations where automation cannot be applied is also important. For those cases, some alternative method must be introduced, which can mean providing instructions to users to “self-service” the updates, or thru interactive help-desk sessions.
Mobile clients are an especially taxing complexity of migrations. Unless the organization being migrated already has an automation platform for mobile (known as MDM or Mobile Device Management solutions), such devices may have to be updated manually by “somebody”, which could be the user, the help-desk staff, the migration team, or consultants. A special note on mobile devices: the importance of the mobile experience as it relates to mail can be a determining factor as to “how fast can we migrate”. It has been seen many times that while mailboxes and updates to Outlook clients are proven to occur for 1000s of users in a 24 hour period, if the importance of mobile is very high, such can cause a migration to change from a single-event migration to a multiple-event migration possibly spanning many weeks. The longer a migration is split between environments, the great the chance the perception of success will sour. It is highly recommended to balance between these concepts.
Outlook Profile updates are very important to migration success. Outlook tends to be the primary user interface for Microsoft Exchange and as such is usually the most visible element of Exchange. Failures with Outlook after a migration can obviously be very disruptive. Additionally, it should be know that Outlook – being simply a software program for email – has no built-in understanding of migrations. In a same-forest migration (upgrade Exchange 2010 to 2016), Outlook can query Active Directory to determine new mailbox database details and can usually update itself properly. However, this success is dependent upon the user account remaining as the same Active Directory account thru the migration. In a cross-forest migration, Outlook has no understanding of this.
AutoDiscover is often thought to be a bit of “magic” for handling Outlook profiles. Unfortunately, this is not true. An Outlook profile will store many values that related to the source environment and which are never seen in any configuration dialogs. As such, if Outlook gets only new servers names for which to connect (which is all AutoDiscover really provides), it will simply try to connect to those endpoints, but without clearing out any of the previously cached information. In this ‘half-baked’ state, Outlook will attempt to make connections to both environments and if the source environment resources for which Outlook is still trying to use become unavailable, Outlook will lock up. Additionally, there are other Outlook features that can be affected by this ‘half-baked’ state such as folder delegation, calendars, free-busy lookups, offline-address-books, etc.
Priasoft profile update utility is a valuable and necessary component of a successful migration.
6. Public Folders
If the organization that is to be migrated has Public Folders, the migration of them can become a very complicated topic. We have also heard many organization state that they will simply “not keep them” and simply leave them behind, or will attempt to shift the public folders to shared mailboxes. While both ideas have their merits, attempting to do this work in conjunction with the overarching email migration often ends up being a bad idea. Public Folders by their nature can be used by users in ways and on frequencies that are extremely difficult or impossible to retrieve. Leaving pubic folders behind not only can be disruptive to users, but can also be a failure in a compliance audit or subpoena for information.
We suggest saving these ideas – culling or converting to shared mailboxes – for a post-migration project or projects. Doing so will separate any issues that arise from the experience as it relates to the migration, and can remove unnecessary pressure on timelines and milestone achievements.
Priasoft has public folder synchronization tools which, as the term implies, can manage updates to Public Folders on one or both sides of a migration (source and target environments). In the specific case of Exchange 2010, the migration/sync of public folders become important and complex due to Microsoft change in architecture from “Public Folder Databases” to “Public Folder Mailboxes”. The Microsoft tools do not provide an elegant solution to this and create a situation where there is forced “downtime” for Public Folders during its “cutover” event, which takes ALL PUBLIC FOLDERS offline for the duration of that cutover event. The Priasoft solution does not do this and allows users on both sides, should the migration be a multi-event migration pattern, to work with public folders.
In addition, please review the later topic on Exchange 2010 key differences later in this article as there are some very important sizing and planning for Pubic Folders that must occur.
7. Dry-Run Migrations
Dry-run migrations are specifically different than the testing which was referred in step 3 above. Dry-run migrations are a feature of the Priasoft Migration Suite for Exchange that allows for the migration of mailboxes into dry-run accounts for a “sandbox” migration experience. This ability provide several very important outputs that become critical in the development of the migration plan and schedule.
1. Functional Tests: This use of the dry-run provides “sanity checks” to show that migrations still work. Consider that the business is still “live” and it could be that environmental changes have occurred between the last use of the migration tools and now. A quick functional test will prove whether the environmental changes affect the ability to migrate, or not.
2. Performance Tuning: This use of the dry-run provides a way to determine the maximum performance of the migration by forcing all of the environmental variables to participate. The concept is to gradually increase the “run rate” of the migration to a point where the environment(s) show that it cannot do more.
3. Fidelity Checks: This use of the dry-run provides a way to determine which mailboxes will succeed versus fail. It will also expose any environmental issues. Essentially, any issues that occur in a dry-run are issue that would also occur in a production run. However, there is now the ability to discover those issues and either make changes to correct them, or work around them.
4. Duration and Timing: Since a dry-run migration actually copies data – but without interference or changes to end user experiences – the duration of mailboxes and of an entire batch is accurate down to the minute. A dry-run batch of 1000 users showing a completion time of 24 hours can be accurately used for scheduling purposes a week or two later, plus or minus only a few minutes for possible new data since the last dry-run.
5. Target environment load testing: The target databases used for the dry-run will be filled with real data from source mailboxes, possibly exposing any storage configuration or hardware issues for which a traditional ‘load gen’ scenario could never do. We have seen many times where the results of a dry-run leads to the discovery of issues with the target storage system, and where other tests did not.
8. Sample And End-To-End (E2E) Tests
Although dry-runs tests provide much value, by design, it does not make any end-user changes and so cannot expose any issues with the production migration that are related to those elements. End-to-End tests with test mailboxes and desktops becomes important for such elements. These tests can be done concurrently with dry-runs if desired and if sufficient staff and bandwidth are available to do such. It is often better, however, to do E2E testing after dry-runs since the dry-run exercises may lead to discoveries of issues that can be resolved before E2E tests.
9. Migration Scheduling And Orchestration
Dry-run migrations, by design, will provide timing data so that scheduling of actions and resources – human and technology – are managed efficiently. This also helps set expectations better for end-users, department leaders, application owners, etc.
Additionally, once timing information is available, batching and orchestration work can occur which is simply a process of determining which users migrate first, second, or third and when each group should start. Consider that without detailed timing information provided by the dry-runs, this type of work cannot really occur, at least not with any accuracy.
So, now we have a 9-step process for migrations that hopefully provide a better overall context on how to be successful.
Exchange Key Differences And Points Of Concern
As an article focused on Exchange 2010 to 2016 migrations, it is important that some key topic be shown that can influence the migration in various ways.
Size Information
Exchange 2010 and earlier, used a different algorithm for reporting item, folder, and mailboxes sizes than does later versions of Exchange. Exchange 2010’s size calculations were from an idea of “how many bytes to send this somewhere”. Exchange 2013 and later changed to “how many bytes consumed on disk”. Note that the size of the item stored in the database on the disk is not different, only the reporting of its size. This difference in reporting means that the exact same item will be reported larger by 30-40% in Exchange 2013 and later.
Consider this change in a numeric way:
Exchange 2010
Exchange 2016
Item Size
100 kb
130 – 140kb
1 mb
1.3 – 1.4 mb
Mailbox Size
1.65 GB
2.14 – 2.31 GB
38GB
49.4 – 53.2 GB
Now consider the many features of Exchange that uses size information. For example, if the source environment has a mailbox database policy that limits mailboxes to 2GB, a mailbox of 1.65GB is obviously safely below that limit. However, after a migration and if the same policy values were set on target databases, the mailbox will likely exceed the limit and users will be impacted afterwards.
The same is true for message size limits, attachment limits, etc. it is highly recommended to review all the elements of the target environment that are setup to react to size information to ensure that it is accommodating this difference in calculation.
Public Folders
Public folders are also affected by this. If the source public folder “database” is 200GB, as measured from the actual database file in the file system, then it should not be expected to change. But if the size information about public folders has been gathered by summing the folder sizes using PowerShell, those numbers need to be inflated before used for settings in the target environment.
Public Folders also have new limits since the data is not contained in one or more public folder “mailbox” objects. Since the data is now in mailboxes, it inherits all the limits of mailboxes as well, some of which a public folder database never had. It is highly recommended to review the public folder limits of Exchange 2016 before starting: https://docs.microsoft.com/en-us/exchange/collaboration/public-folders/limits
If your source public folder data is more than 50 GB, you will likely need to have multiple public folder mailboxes which adds new complexity. Unfortunately, if a public folder mailbox fills up, data does not “spill over” into a new mailbox – data stops being added and users receive cryptic messages of a simple “failed to save item” pattern. Priasoft’s tools have unique and automated handling of this challenge by calculating and mapping source folders to specific target mailboxes.
There are additional topics to discuss about public folders. Contact our team if you’d like to know more.
Memory/RAM
Exchange 2010 works with a concept of “shared memory”. This was not necessarily because of any explicit design choice by Microsoft, but is due to the fact that all mailboxes databases were loaded and managed by a single background process (store.exe). In windows, multiple threads of an application can access the same memory region, if desired. As such, it was common to see store.exe reserve 80% of available host RAM for caching of information and quick responses. This reserved ram could be adjusted by Exchange as needed to service different database and the demand for data being requested from them.
However, this also meant that it was a single-point-of-failure or attack. If an issue were to occur with one database, all databases would be affected. Additionally, for some other system operations and if a configuration change were necessary, it could require that store.exe be restarted, which would drop access to all databases until it was restarted.
Exchange 2013 and later use a separate “worker” process for each mailbox database that is mounted. While this added some valuable resiliency and database-level configuration management, is also means that each database has a fixed amount of reserved RAM. Running 20 database on Exchange 2010 can be done efficiently with a set amount of RAM. However, the same amount of RAM on Exchange 2016 might not be as efficient for the same number of databases.
If Exchange has insufficient RAM, then it will start to use the windows “paging file” to provide more “virtual RAM”. This means that databases, some, most, or possibly all can be sluggish for reads and writes. Furthermore, if you consider an exchange backup situation where the backup calls cause the fetching of data from the paging file, backups can become very slow. If the setup is a simple environment where the database files for Exchange use the same disk as the operating system, then the performance of the host can suffer even more. If you layer the effects of a migration on top of that as well, we hope it is seen how sufficient RAM-per-database is important.
Failing to properly consider this ratio can lead to very intermittent issues. On one day, the demand on the databases is low, so the effect of the paging file is not noticeable. However, on a later date, when heavy demand arrives, things seem sluggish. Maybe a reboot of the server is made and things seem ok again for a while, but the repeat again after some time. These are common symptoms of this topic.
CPU/Core Count
Exchange 2010, when compared to Exchange 2016, had a much simpler “footprint” on a server with regards to processing and services. A default install of Exchange 2010, with all 3 roles (CAS, HUB, MBX) has about 24 services that are “Exchange” (this is not even including the IIS related services). In contrast Exchange 2016 has over 30 core services, and that’s is without the inclusion of any database “worker” processes. Exchange 2016 has added many more health services to provide much better resiliency and issue forecasting that any prior version, but the cost is CPU utilization. Also, Exchange 2016’s full text indexing seems to be more aggressive and adds to the CPU load when a flood of new data arrives (think migration). Lastly, the IIS (web) components used by Exchange have also expanded.
The point we are trying to make is to not simply adopt the same paradigm for capacity planning and host resource allocations as was done with prior versions of Exchange. We find in even a simply lab setting, that Exchange 2016 only runs smoothly with an 8-core host, or more, and sufficient RAM as described above.
It is especially important consider this for virtualized hosts since the memory allocations can be dynamic (not recommended either). We suggest monitory the paging file related performance counters on exchange servers to see how often and if there are any trends with regards to Exchange having to use the paging file. This is true both for migrations and for normal daily use.
Connection Protocols
Exchange 2010 supported two different connection types for Outlook/MAPI: RPC-over-TCP, and RPC-over-HTTP. The older legacy RPC-over-TCP is the original MAPI communication protocol that uses Windows RPC conversations. The protocol is quite secure, but not very flexible especially for the more disconnected and loosely coupled environments we now see. The latter connection type, RPC-over-HTTP is also known as Outlook Anywhere. This was first introduced in a service pack for Exchange 2003. This protocol simply wrapped the RPC calls in HTTP conversations. This allows for Outlook to access mailboxes securely from outside the organization using SSL/TLS security mechanisms to encrypt the wire traffic.
Exchange 2013 and later no longer support RPC-over-TCP connections from client applications (it is still used on the server itself, but only on the local host). Exchange 2016 provides a newer protocol called mapi-HTTP. This newer protocol is more resilient and provides faster connections and authentications and essentially remove the “RPC” conversation and replaced it with newer, purposely designed conversations directly in the HTTP conversations. If nothing else, it removed a layer of translation. Exchange 2016 still provides OutlookAnwhere connections, but Microsoft will slowing fade that protocol away as well over time. It is expected that the next version of Exchange will likely have no support and no option for OutlookAnywhere.
The importance of this consideration is that if Outlook clients before migration are using RPC-over-TCP, it becomes even more important to have a process to update those profiles properly. It also requires a compatible version of Outlook. Outlook 2010 was updated by a hotfix in 2015 to support mapiHTTP. Outlook 2013 received the support in Service Pack 1. Outlook 2016 and later have it available from the first release. If end users do not have these updates, they will fail to connect to the target mailbox after migration, even though the profile is properly updated by Priasoft.
An additional consideration is for applications that use MAPI. Such applications likely do not rely upon AutoDiscover to detect changes and so may not know that a new protocol need to be used with Exchange 2016.
Conclusions
Test! Test! Test!
The old saying, those who fail to plan, plan to fail, could be rewritten to: those who fail to test, will fail the test.
Priasoft provides the most robust testing capability yet seen, and with 20 years of direct experience in migrations, also provide guidance for testing in ways that many other cannot due to that same lack of tenure in these events.
We are experts in 2010 to 2016 Migration, to learn more about our solutions follow the link below:
We’d be happy to discuss how this pattern can work for your next or current migration project. We can also show this process first hand in a lab setting if desired.
https://www.priasoft.com/wp-content/uploads/2018/08/migrationbanner.jpg200940Travis Williams/wp-content/uploads/2016/01/Pria_email_logo.pngTravis Williams2018-08-22 17:39:472026-04-23 13:19:58Migrate Exchange 2010 To 2016
This release includes the public preview of the integration of PingFederate in Azure AD Connect. With this release customers can easily and reliably configure their Azure Active Directory environment to leverage PingFederate as their federation provider.
Update to the Azure AD Connect Wizard Troubleshooting Utility, now analyzes more error scenarios, such as AD Dynamic Groups and Linked Mailboxes.
Device Writeback configuration is now managed within the Azure AD Connect Wizard.
New PowerShell Module called ADSyncTools.psm1 has been added that can be used to troubleshoot SQL Connectivity issues along with other troubleshooting utilities.
A new additional task “Configure device options” has been added. You can use the task to configure the following two operations:
Hybrid Azure AD join: If your environment has an on-premises AD footprint and you also want benefit from the capabilities provided by Azure Active Directory, you can implement hybrid Azure AD joined devices. These are devices that are both joined to your on-premises Active Directory and your Azure Active Directory.
Device writeback: Device writeback is used to enable conditional access based on devices to AD FS (2012 R2 or higher) protected devices.
Most customers will receive this update automatically via Auto Upgrade or you can always download the latest version of Azure AD Connect here.
https://www.priasoft.com/wp-content/uploads/2024/10/HomePg_Image_PMSE.png150150Priasoft Editorial Team/wp-content/uploads/2016/01/Pria_email_logo.pngPriasoft Editorial Team2018-06-06 18:30:272026-04-23 13:20:01Microsoft released a new version of AADC version (1.1.819.0) with updated changes and improvements.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
Other external services
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
Privacy Policy
You can read about our cookies and privacy settings in detail on our Privacy Policy Page.
